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IN THE CLAIMS 
Amended claims follow: 

1 . (Currently Amended) A method for monitoring intrusion activity utilizing a 
plurality of firewalls, comprising: 

(a) establishing network communications wi&-between a server computer and a 
plurality of client computers with firewalls over a network, wherein the firewalls 
are adapted for collecting information relating to intrusion activity, and include a 
list of trusted and banned addresses ; 

(b) collecting the information from the firewalls of the client c omputers utilizing the 
networ k for identifying, similar intrusion activity ac ross a subset of the plurality 
of client computers ; and 

(c) transmitting a response to the firewalls of 4&eeach of the plurality of client 
computers utilizing the network; 

(d) wherein the firewalls are adapted for preventing the similar i ntrusion activity 
across each of the plurality of client computers u tilizing the response. 

2. (Currently Amended) The method as recited in claim 1, and further comprising 
heuristically analyzing the information to ascertain the similar i ntrusion activity. 

3. (Currently Amended) The method as recited in claim 1 3 and further comprising 
generating rules for preventing the similar i ntrusion activity utilizing the firewalls, 

4. (Original) The method as recited in claim 3, wherein the response includes the 
rules, 

5. (Original) The method as recited in claim 1, wherein the information is collected 
by the firewalls automatically. 
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6. (Original) The method as recited in claim 5, wherein the information is collected 
by the firewalls periodically. 

7. (Original) The method as recited in claim 1, wherein the information is 
transmitted utilizing an HTTP protocol. 

8. (Currently Amended) A system for monitoring intrusion activity utilizing a 
plurality of firewalls, comprising: 

(a) logic for establishing network communications wkk-between a server computer 
and a plurality of client computers with firewalls over a network, wherein the 
firewalls are adapted for collecting information relating to intrusion activit y, and 
include a list of trusted and banned addresses ; 

(b) logic for collecting the information from the firewalls of the cliratcomputers 
utilizing the networ k, for identifying similar intrusion activity across a subset of 
the plurality of client computers ; and 

(c) logic for transmitting a response to the firewalls of tk eeach of the plurality of 
client computers utilizing the network; 

(d) wherein the firewalls are adapted for preventing the similar intrusion activity 
across each of the plurality of client computers u tilizing the response. 

9. (Currently Amended) A computer program product for monitoring intrusion 
activity utilizing a plurality of firewalls, comprising: 

(a) computer code for establishing network communications wife -between a server 
computer and a plurality of client c omputers with firewalls over a network, 
wherein the firewalls are adapted for collecting information relating to intrusion 
activit y, and include a list of trusted and banned addresses : 

(b) computer code for collecting the information from the firewalls of the client 
computers utilizing the networ k, for identifying similar intrusion activity across a 
subset of the plurality of client computers ; and 

(c) computer code for transmitting a response to the firewalls of fe e each of the 
plurality of client computers utilizing the network; 
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(d) wherein the firewalls are adapted for preventing the similaLintrusion activity 
across each of the plurality of client computers utilizing the response. 

1 0. (Currently Amended) A method for reporting intrusion activity utilizing a 
plurality of firewalls, comprising: 

(a) establishing network communications with -between a server computer and a 
plurality of client c omputers with firewalls over a network, wherein the firewalls 
are adapted for collecting information relating to intrusion activity, and include a 
list of trusted and banned addresses ! 

(b) collecting the information from the firewalls of the client computers utilizing the 
network; 

(c) analyzing the information to ascertain intrusion activity including similar 
intrusion activity across a subset of the plurality of client computers; 

(d) identifying a source of the ascertained intrusion activity; and 

(e) notifying the source of the ascertained intrusion activity. 

1 1 . (Original) Hie method as recited in claim 10, wherein the information is 
heuristically analyzed. 

12. (Original) The method as recited in claim 10, wherein the identification of the 
source includes identifying an Internet Protocol (IP) address associated with at 
least one source of the intrusion activity. 

13. (Original) The method as recited in claim 12, wherein the identification of the 
source further includes looking up an electronic-mail address based on the IP 
address. 

14. (Original) The method as recited in claim 10, wherein the notification includes an 
electronic mail. 
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15. (Original) The method as recited in claim 10, wherein the notification includes a 
summary of the intrusion activity, 

16. (Original) The method as recited in claim 10, and further comprising determining 
whether a response to the notification is received. 

1 7. (Original) The method as recited in claim 16, wherein if it is determined that the 
response to the notification is not received, reporting the source of the intrusion 
activity to a central intrusion activity watch service. 

1 8. (Original) The method as recited in claim 17, wherein the central intrusion 
activity watch service notifies the public of the source of the intrusion activity via 
a web interface. 

19. (Currently Amended) A system for reporting intrusion activity utilizing a plurality 
of firewalls, comprising: 

(a) logic for establishing network communications wtth -between a server computer 
and a plurality of client computers with firewalls over a network, wherein the 
firewalls are adapted for collecting information relating to intrusion activit y, and 
include a list of trusted and banned addresses: 

(b) logic for collecting the information from the firewalls of the client computers 
utilizing the network; 

(c) logic for analyzing the information to ascertain intrusion activit y including similar 
intrusion activity across a subset of the pluralit y of client computers: 

(d) logic for identifying a source of the ascertained intrusion activity; and 

(e) logic for notifying the source of the ascertained intrusion activity. 

20. (Currently Amended) A computer program product for reporting intrusion activity 
utilizing a plurality of firewalls, comprising: 

(a) computer code for establishing network communications wi febetween a server 
computer and a plurality of client computers with firewalls over a network, 



PAGE 8(16 * RCVD AT 12/12/2005 2:59:31 PM [Eastern Standard Time] * SVR:USPT0-ff XRF-6/27 * DNIS:2738300 * CSID:4089714660 * DURATION (mm-ss):0348 



■ DEC. 1 2. 2005 1 2:1 0PM ZILKA-KOTAB, PC 

-6- 



NO. 1230 P. 9 



wherein the firewalls are adapted for collecting information relating to intrusion 
activit y, and include a list of trusted and banned addresses ; 

(b) computer code for collecting the information from the firewalls of the client 
computers utilizing the network; 

(c) computer code for analyzing the information to ascertain intrusion activity 
including similar intrusion activity across a subset of the plurality of client 
computers ; 

(d) computer code for identifying a source of the ascertained intrusion activity; and 

(e) computer code for notifying the source of the ascertained intrusion activity. 

2 1 . (Currently Amended) A method for monitoring intrusion activity utilizing a 
firewall, comprising: 

[(a) Jcollecting information relating to intrusion activity utilizing a firewall associated 

with a client c omputer; 
[(b) ]transmitting the information from the firewall associated with the computer to a 

central server utilizing the network; 
[(c) Jreceiving a response from the central server utilizing the network; 
[(d) Jwherein the firewall is adapted for preventing the intrusion activity utilizing the 

response; 

wherein the central server is adapted for collecting information from a plurality of 
the client computers for identifying similar intrusion activity across a subset of the 
plurality of client computers . 

22. (Currently Amended) A method for monitoring intrusion activity utilizing a 
plurality of firewalls, comprising: 

(a) establishing network communications wife -between a server computer and a 

plurality of client_ computers with firewalls over a network, wherein the firewalls 
are adapted for collecting information relating to intrusion activit y, and include a 
list of trusted and banned addresses ; 
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(b) collecting the information from the firewalls of the client c omputers utilizing the 
netwo rk, for identifying similar intrusion activity across a subset of the plurality 
of client computers; 

(c) heuristicaUy analyzing the information to ascertain the similar i ntrusion activity; 

(d) generating rules for preventing the similar i ntrusion activity utilizing the firewalls 
based on the heuristic analysis; 

(e) transmitting the rules to the firewalls of the each of the plurality of client 
computers utilizing the network, wherein the firewalls are adapted for preventing 
the similar intrusion activity across each of th e plurality of client computers 
utilizing the rules; 

(f) identifying an Internet Protocol (IP) address associated with at least one source of 
the similar intrusion activity; 

(g) looking up an electronic-mail address based on the IP address; 

(h) generating a summary of the information relating to the similaLintrusion activity 
associated with the source; 

(i) transmitting the summary to the electronic-mail address in the form of electronic- 
mail; 

(j) determining whether a response to the electronic-mail is received; and 
(k) if it is determined that the response to the electronic-mail is not received, 

reporting the source of the similar intrusion activity to a central intrusion activity 
watch service, wherein the central intrusion activity watch service notifies the 
publie of the source of the similar i ntrusion activity via a web interface. 

23. (New) The method as recited in claim 1 , wherein the subset of the plurality of 
client computers includes a large subset of the plurality of client computers. 

24. (New) The method as recited m claim 1 9 wherein the similar intrusion activity 
includes a similar port scan performed across the subset of the plurality of client 
computers. 
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25. (New) The method as recited in claiml , wherein the similar intrusion activity 
includes an e-mail with a similar phrase sent across the subset of the plurality of 
client computers. 

26. (New) The method as recited in claim 1, wherein a user of each of the plurality of 
client computers is required to subscribe in order to track the collected 
information and confirm the collected information. 

27. (New) The method as recited in claim 1, wherein the collected information is 
included in a report according to categories of events. 

28. (New) The method as recited in claim 27, wherein additional information 
associated with the collected information is reported including a time and date of 
when the information was collected, an Internet Protocol address associated with 
the collected information and applications associated with the collected 
information. 

29. (New) The method as recited in claim 27, wherein the report is generated upon 
selection of a report icon in a graphical user interface. 
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